
The application of mathematics, statistics, and machine learning to extract knowledge and detect threat patterns is an emerging technology that is proving effective at detecting sophisticated inside and cyber threats.

Interset - the Science of Threat Detection at RSA 2015 4317


San Francisco (PRWEB) April 23, 2015

Security expert and Interset CTO Stephan Jou says modern data science -- the application of mathematics, statistics, and machine learning to extract knowledge and detect threat patterns -- is an emerging technology that is proving effective at detecting sophisticated inside and cyber threats facing organizations today. In a briefing released this week at the RSA Conference and as part of the Verizon 2015 Data Breach Investigation Report, Jou said successful data science methods can provide a more accurate and operationally sound approach to threat detection, one that permits security teams to focus in on actual threats while simultaneously reducing the time-wasting efforts of sorting through unimportant event-based alerts and chasing down false positives.

Machine learning, to automatically compute and learn what normal is, instead of relying on manual thresholds

Probabilistic math, to use continuous numbers to describe how risky or suspicious something is

Entity-based risk scoring, to automatically correlate, corroborate and aggregate risky events and attribute risk to the higher-level actors involved.

Jou said an important new focus in producing successful detection lies in combining multiple data feeds.

"A compromised account may have an unusual process running (endpoint data), issue suspicious DNS queries (network data), and exhibit anomalous access to network share data (server access data). To mathematically stitch together an accurate picture of the entire kill chain requires holistic access to as many raw data feeds as practical. If the data science solution does not support multiple data sources, then its analytical output will be incomplete," said Jou.

Visit Interset this week at the RSA 2015 Conference Booth 4317 and see our #CoverYourAssets showcase, a presentation of outside and inside attacks that have been detected and prevented at real Interset customer sites.